PT-2005-5032 · Adobe · Coldfusion Mx

Published

2005-12-17

Updated

2011-03-08

CVE-2005-4345

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Adobe ColdFusion MX version 7.0

Description The issue allows local developers to obtain the password hash of the Administrator through an API call, potentially gaining privileges.

Recommendations For Adobe ColdFusion MX version 7.0, consider restricting access to the API endpoint that exposes the Administrator's password hash until a fix is available.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-4345

Affected Products

Coldfusion Mx

PT-2005-5032 · Adobe · Coldfusion Mx

CVE-2005-4345

Related Identifiers

Affected Products

References · 6